From f30dec9e6323c69762b91ec128ac64354b50cad4 Mon Sep 17 00:00:00 2001 From: Ryan Lerch Date: Wed, 16 Aug 2023 14:15:00 +1000 Subject: [PATCH] maubot on staging openshift - first attempt Signed-off-by: Ryan Lerch --- playbooks/openshift-apps/maubot.yml | 53 ++++++++++++ .../maubot/files/imagestream.yml | 8 ++ roles/openshift-apps/maubot/files/service.yml | 15 ++++ roles/openshift-apps/maubot/files/storage.yml | 11 +++ .../maubot/templates/buildconfig.yml | 28 +++++++ .../maubot/templates/config.yml | 81 +++++++++++++++++++ .../maubot/templates/configmap.yml | 15 ++++ .../maubot/templates/deploymentconfig.yml | 58 +++++++++++++ 8 files changed, 269 insertions(+) create mode 100644 playbooks/openshift-apps/maubot.yml create mode 100644 roles/openshift-apps/maubot/files/imagestream.yml create mode 100644 roles/openshift-apps/maubot/files/service.yml create mode 100644 roles/openshift-apps/maubot/files/storage.yml create mode 100644 roles/openshift-apps/maubot/templates/buildconfig.yml create mode 100644 roles/openshift-apps/maubot/templates/config.yml create mode 100644 roles/openshift-apps/maubot/templates/configmap.yml create mode 100644 roles/openshift-apps/maubot/templates/deploymentconfig.yml diff --git a/playbooks/openshift-apps/maubot.yml b/playbooks/openshift-apps/maubot.yml new file mode 100644 index 0000000000..9381b4478d --- /dev/null +++ b/playbooks/openshift-apps/maubot.yml @@ -0,0 +1,53 @@ +- name: make the app be real + hosts: os_control_stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: openshift/project + app: maubot + description: Maubot + appowners: + - ryanlerch + - kevin + + - role: openshift/object + app: maubot + template: imagestream.yml + objectname: imagestream.yml + + - role: openshift/object + app: maubot + template: buildconfig.yml + objectname: buildconfig.yml + + - role: openshift/start-build + app: maubot + buildname: maubot-build + objectname: maubot-build + + - role: openshift/object + app: maubot + file: service.yml + objectname: service.yml + + - role: openshift/route + app: maubot + routename: web + host: host: "maubot.apps.ocp{{ env_suffix }}.fedoraproject.org" + serviceport: web + servicename: web + + - role: openshift/object + app: maubot + file: deploymentconfig.yml + objectname: deploymentconfig.yml + + - role: openshift/rollout + app: maubot + dcname: maubot diff --git a/roles/openshift-apps/maubot/files/imagestream.yml b/roles/openshift-apps/maubot/files/imagestream.yml new file mode 100644 index 0000000000..296e8e9172 --- /dev/null +++ b/roles/openshift-apps/maubot/files/imagestream.yml @@ -0,0 +1,8 @@ +apiVersion: image.openshift.io/v1 +kind: List +items: + # The main maubot image + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + name: maubot diff --git a/roles/openshift-apps/maubot/files/service.yml b/roles/openshift-apps/maubot/files/service.yml new file mode 100644 index 0000000000..f6458dcf32 --- /dev/null +++ b/roles/openshift-apps/maubot/files/service.yml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: web + labels: + app: maubot +spec: + ports: + - name: web + port: 8080 + targetPort: 8080 + selector: + app: maubot + deploymentconfig: web diff --git a/roles/openshift-apps/maubot/files/storage.yml b/roles/openshift-apps/maubot/files/storage.yml new file mode 100644 index 0000000000..937c08e585 --- /dev/null +++ b/roles/openshift-apps/maubot/files/storage.yml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: data +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: ocs-storagecluster-cephfs diff --git a/roles/openshift-apps/maubot/templates/buildconfig.yml b/roles/openshift-apps/maubot/templates/buildconfig.yml new file mode 100644 index 0000000000..a5dfb937bf --- /dev/null +++ b/roles/openshift-apps/maubot/templates/buildconfig.yml @@ -0,0 +1,28 @@ +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} +--- +apiVersion: build.openshift.io/v1 +kind: BuildConfig +metadata: + name: maubot-build + labels: + app: maubot + build: maubot +spec: + runPolicy: Serial + source: + dockerfile: |- + FROM fedora:38 + RUN mkdir -p /maubot/plugins /maubot/trash /maubot/logs /maubot/crypto + RUN dnf -y install python3-pip && dnf -y clean all + RUN pip install maubot[encryption] + WORKDIR /maubot + ENTRYPOINT /usr/bin/python3 -m maubot -c /config/config.yml + type: Dockerfile + strategy: + type: Docker + dockerStrategy: + noCache: false + output: + to: + kind: ImageStreamTag + name: maubot:latest diff --git a/roles/openshift-apps/maubot/templates/config.yml b/roles/openshift-apps/maubot/templates/config.yml new file mode 100644 index 0000000000..49f4b45cbb --- /dev/null +++ b/roles/openshift-apps/maubot/templates/config.yml @@ -0,0 +1,81 @@ + +database: sqlite:///maubot.db + +crypto_database: default + +database_opts: + min_size: 1 + max_size: 10 + +plugin_directories: + upload: ./plugins + load: + - ./plugins + trash: ./trash + +plugin_databases: + sqlite: ./plugins + postgres: null + postgres_max_conns_per_plugin: 3 + postgres_opts: {} + +server: + hostname: 0.0.0.0 + port: 8080 + public_url: http://maubot.apps.ocp{{env_suffix}}.fedoraproject.org/ + ui_base_path: / + plugin_base_path: /plugin/ + override_resource_path: false + unshared_secret: generate + +homeservers: + fedora.im: + url: https://fedora.ems.host + secret: null + +admins: + root: "" + {% if env == 'staging' %} + {{ maubot_stg_admin_username }}: "{{ maubot_stg_admin_password }}" + {% endif %} + +api_features: + login: true + plugin: true + plugin_upload: true + instance: true + instance_database: true + client: true + client_proxy: true + client_auth: true + dev_open: true + log: true + +logging: + version: 1 + formatters: + colored: + (): maubot.lib.color_log.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: normal + filename: ./maubot.log + maxBytes: 10485760 + backupCount: 10 + console: + class: logging.StreamHandler + formatter: colored + loggers: + maubot: + level: INFO + mau: + level: INFO + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [file, console] diff --git a/roles/openshift-apps/maubot/templates/configmap.yml b/roles/openshift-apps/maubot/templates/configmap.yml new file mode 100644 index 0000000000..9fef7b3b44 --- /dev/null +++ b/roles/openshift-apps/maubot/templates/configmap.yml @@ -0,0 +1,15 @@ +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} +--- +apiVersion: v1 +kind: List +metadata: {} +items: +- apiVersion: v1 + kind: ConfigMap + metadata: + name: config + labels: + app: maubot + data: + config.yml: |- + {{ load_file('config.yml') | indent(6) }} diff --git a/roles/openshift-apps/maubot/templates/deploymentconfig.yml b/roles/openshift-apps/maubot/templates/deploymentconfig.yml new file mode 100644 index 0000000000..c4bad2cf7e --- /dev/null +++ b/roles/openshift-apps/maubot/templates/deploymentconfig.yml @@ -0,0 +1,58 @@ +--- +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + name: web + labels: + app: maubot +spec: + replicas: 1 + selector: + app: maubot + deploymentconfig: web + strategy: + type: Rolling + activeDeadlineSeconds: 21600 + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + template: + metadata: + creationTimestamp: null + labels: + app: maubot + deploymentconfig: web + spec: + containers: + - name: maubot + imagePullPolicy: Always + ports: + - containerPort: 8080 + volumeMounts: + - name: data + mountPath: /maubot + - name: config + mountPath: /config + readOnly: true + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + httpGet: + path: / + port: 8080 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 20 + httpGet: + path: / + port: 8080 + volumes: + - name: config + configMap: + name: config + - name: data + persistentVolumeClaim: + claimName: data